Settings
Log out
As we see WPA cracking using Aircrack-ng, this session is focusing on a built in tool of Kali linux, Fern Cracker.
This tool is completely GUI based application, so there is no need to type any command in terminal or dont need to remember any commands.
Once you start the fern cracker and if you have monitor mode wifi adapter for scanning, everything is perfect.
This tool gives you options in drop downbox and all you have to do is to select it.
Before using this tool we need a file of passphrase of password for the guessing.
So, Once you fix the target, you need to gather as much as information about the person of the AP, so that it can be helpful in guessing some passwords to crack the wifi AP.
Plug in the USB wireless adapter and open the Terminal and run iwconfig to verify the USB adapter interface.
On occasions I have had to bring the wireless adapter interface up using the following command.
#ifconfig wlan0 up
Starting the Fern Program
To start Fern from the Terminal type in the following commands
#cd /pentest/wireless/fern-wifi-cracker #python execute.py
or start Fern via the GUI using the Kali Linux menu
Using the Fern Program
Select the Interface and Fern enables monitor mode. If your wireless interface does not show in the list hit the Refresh button and try again.
Before starting the scan double-click on any blank area of the Fern home screen to bring up the Access Point Scan Preferences screen. You can set the channel option to scan a single channel or leave it at the default All Channels. One nice feature is to check the Enable XTerms option which will have Fern open up the Terminal windows during its usage to see what the program is doing in the background. Click OK when done.
Back on the Fern home screen click the Scan for Access points button.
Two Terminal windows will open; one showing the WEP enabled networks (no screen shot), and another showing the WPA enabled networks. The top part of the WPA Scan Terminal window shows the networks being found, and the lower part shows any connected client devices. For a WPA attack to work it requires a connected client. The most important part of the attack will kick the client off the wireless network and capture the 4-way handshake when the client device re-authenticates to the network. If the network you want to pentest has no connected client your out of luck!
On Ferns home screen the networks being detected will start populating next to the WiFi WEP or WiFi WPA buttons
Clicking on the WiFi WEP or WiFi WPA button will bring up the Attack screen and the top pane will list the networks found. Select the AP to crack, but before clicking the Attack button to the right let’s go over a couple of settings.
I will use the Regular Attack option, but there is a WPS Attack option and I believe Fern uses the Reaver utility to launch the WPS attack.
Common.txt is the wordlist that comes with the Fern program, but any wordlist you download or have created on your own can be used by hitting the Browse button and pointing Fern to the alternative wordlist file.
With the Regular Attack and the wordlist selected hit the Attack button.
Fern will start the attack and on the left side of the screen the attack steps will turn yellow as Fern works through the various steps. The most important step is capturing the 4-way handshake and Fern will open an aireplay-ng Terminal window showing the progress of deauthentication (if XTerms is checked in the preferences) of the connected client.
It may take several attempts to deauth a client and capture the 4-way handshake.
Once Fern has captured the handshake it will start the bruteforce attack. Viola! If the WPA key is in the wordlist being used it will display the found key in Red.
As I mentioned I setup a passphrase I knew would be found quickly, and from start to finish this attack took under 4 minutes!
Back on the Fern main screen is a Key Database button and it now shows one entry.
Clicking the Key Database button will display the found keys.